git.gnupg.org Git - gnupg.git/rss - g10/getkey.c historyhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=history;f=g10/getkey.c
The GNU Privacy GuardenGIT admin account/gitweb/git-logo.pnggit.gnupg.org Git - gnupg.git/rss - g10/getkey.c historyhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=history;f=g10/getkey.c
Thu, 14 Mar 2019 13:55:06 +0000Thu, 14 Mar 2019 13:55:06 +0000gitweb v.2.11.0/2.11.0kbx: Unify the fingerprint search modes.Werner Koch <wk@gnupg.org>Thu, 14 Mar 2019 13:55:06 +0000http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=bdda31a26bc69b6ee72e964510db113645de76efhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=bdda31a26bc69b6ee72e964510db113645de76ef
kbx: Unify the fingerprint search modes.
kbx: Unify the fingerprint search modes.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently
be no incentive to remove the cruft. With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.
Signed-off-by: Werner Koch <wk@gnupg.org>

]]>
gpg: Prepare revocation keys for use with v5 keys.Werner Koch <wk@gnupg.org>Tue, 4 Dec 2018 14:43:19 +0000http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=c6e2ee020784de63edfa83c76095e086eae49eefhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=c6e2ee020784de63edfa83c76095e086eae49eef
gpg: Prepare revocation keys for use with v5 keys.
gpg: Prepare revocation keys for use with v5 keys.
* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys. Also fix reading of unitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading unitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading unitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen. Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--
The reading of uninitialized data is harmless but we better fix it to
make valgrind happy. More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.
Signed-off-by: Werner Koch <wk@gnupg.org>

]]>
gpg: Refresh expired keys originating from the WKD.Werner Koch <wk@gnupg.org>Tue, 28 Aug 2018 13:22:35 +0000http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7f172404bfcf719b9b1af4a182d4803525ebff7chttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7f172404bfcf719b9b1af4a182d4803525ebff7c
gpg: Refresh expired keys originating from the WKD.
gpg: Refresh expired keys originating from the WKD.
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--
A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr). To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check. We defer this until we have a
better key database which allows for fast updates of meta data.
Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times. Eventually we we need a
network emulation layer to provide sample data for the regression
tests.
GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>

]]>
gpg: Extend the "sig" record in --list-mode.Werner Koch <wk@gnupg.org>Thu, 12 Apr 2018 15:53:17 +0000http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=69c3e7acb744e1e5606a4d946e3b948704cfbbaehttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=69c3e7acb744e1e5606a4d946e3b948704cfbbae
gpg: Extend the "sig" record in --list-mode.
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>